Jun 13, 2019

Internet of Things (IoT) Secure Communication Module - Developer Training Course

The IoT secure communication module Protection Profile (PP) is being evaluated and certified by Germany's national cybersecurity authority (BSI)* according to ISO/IEC 15408. It will be the first internationally recognized security specification/requirements for your IoT product.

*Note: The PP evaluation and certification process is expected to be completed by Q3 2019.

Course Introduction

To participate in this training course, the following preliminary knowledge and skills are expected:

  • Knowledge and skills of IoT security product development.
  • Knowledge of the following requirements
    • Common Criteria for Information Technology Security Evaluation (CC), v3, Revision 5, Part 1: Introduction and general model
    • Common Criteria for Information Technology Security Evaluation (CC), v3, Revision 5, Part 2: Security functional components
    • Common Criteria for Information Technology Security Evaluation (CC), v3, Revision 5, Part 3: Security assurance components
    • Common Methodology for Information Technology Security Evaluation (CEM), v3, Revision 5
    • Scheme relevant guidance, application notes, and interpretations (AIS/JIL).
    • IoT Protection Profiles (PPs) - secure communication module (EAL2+) 
    • IoT Protection Profiles (PPs) - security elements (EAL4+)
  • ISO/IEC 27001: Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.  

Who should attend?

  • IoT product developer, i.e. architect, R&D engineer, product manager 
  • IoT product manufacturer, i.e. site security manager, facility manager
  • Technical compliance officer 

Objectives

  • Understand the IT security evaluation criteria, supporting documents and scheme.
  • Understand the information security technologies used for IoT product development. 
  • Understand the site security requirements for development and manufacturing.
  • Prepare and define preliminary TOE (Target of Evaluation) and Security Target (ST) (if applicable).

Benefits

  • Improve the overall understanding of IoT security evaluation requirements and scheme
  • Supported by the field experts to identify the feasible TOE (i.e. IoT product) and project scope for evaluation and certification, saving time and money
  • Supported by the field experts to identify the potential gaps between existing information security technology and evaluation/certification requirements (if applicable)

Course outline 

Day 1, Overview of the Common Criteria for IT Security Evaluation (CC, ISO/IEC 15408) and Protection Profile (PP) for IoT secure communication module

  • Motivation   
    • EU GDPR security requirements, i.e. data encryption, secured communication 
    • ICT security requirements, i.e. EU Cybersecurity Act
  • Overview of IT security evaluation scheme
    • CC (ISO/IEC 15408) evaluation scheme
    • Standards and Requirements 
    • IoT Secure Communication Module Protection Profile (PP) and Security Target (ST)
  • Develop a TOE ST for IoT secure communication module - Ch 1. ST introduction
    • ST reference
    • TOE reference
    • TOE overview
    • TOE description
  • TOE Scoping process 
  • Develop a TOE ST for IoT secure communication module - Ch 2. Conformance claim
    • CC conformance claim
    • PP claim
    • Package claim (EAL)
    • Conformance rationale 
  • Develop a TOE ST for IoT secure communication module - Ch 3. Security problem definition
    • Threats
    • Organizational security policies
    • Assumptions

Day 2, Developing the Security Target (ST) for IoT secure communication module

  • Develop a TOE ST for IoT secure communication module - Ch 4. Security objectives
    • Security objectives for the TOE
    • Security objectives for the operational environment
    • Security objectives rationale
  • Develop a TOE ST for IoT secure communication module - Ch 5. Extended components definition 
  • Develop a TOE ST for IoT secure communication module - Ch 6. Security requirements
    • Security functional requirements
    • Security assurance requirements
    • Security requirements rationale

Day 3, Developing the Security Target (ST) for IoT secure communication module

  • Develop a TOE ST for IoT secure communication module - Ch 6. Security requirements (cont.)
    • Security functional requirements
    • Security assurance requirements
    • Security requirements rationale
  • Develop a TOE ST for IoT secure communication module - Ch 7. TOE summary specification
  • Developer and manufacturer site security requirements (ALC_DVS)
    • Overview of Information Security Management (according to ISO/IEC 27001 and ISO/IEC 27002)
    • Overview of German BSI site security requirements
  • Other developer document requirements
  • Course exam

What's included? 

  • Course material
  • Lunch included
  • Training certificate

Organizational information

  • The maximum number of delegates for this training course is 20.
  • The training organizer shall ensure and provide all students with high-speed Internet access to www.TKSG.global from the training venue. 
  • This course is facilitated by www.TKSG.global online learning management system (LMS). The participants should have the capability to use their own PC, laptop notebook or suitable mobile devices to access the LMS.

Additional Info

Venue: Asia, EU, Middle-East and USA
Time: 3 days
Daily time: 09:00 ~ 17:00
Facilitator: Authorized technical experts
